I have setup a very simple network to test a move to debian squeeze. I am using the netinst, and use the default repo to install shorewall. I created a very basic shorewall config that allows all local traffic to browse the internet. I can do anything on the internet such as FTP/P2P/ UDP Cisco VPN, etc without a problem. The one and only thing that is broken is using a PC behind the debian/shorewall firewall to connect to a Microsoft VPN server using PPTP. If I replace the debian with Lenny, then everything works fine...using same shorewall configs and same version (4.4.11) so I am assuming there is a module being loaded / helper that is causing the problem. The obvious choice was the nf_nat_pptp and nf_nat_proto_gre (+ related conntrack), but removing those did not help. I am at a loss as to where to go from here. Thanks! ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation''s a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering''s about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
On Fri, Jun 03, 2011 at 02:43:10PM -0500, Red Baron wrote:> > The one and only thing that is broken is using a PC behind the > debian/shorewall firewall to connect to a Microsoft VPN server using PPTP. > If I replace the debian with Lenny, then everything works fine...using > same shorewall configs and same version (4.4.11) >I maintain the Shorewall packages for Debian, but I do not use PPTP. Have you tried the latest version of Shorewall? I have a squeeze repository setup here: http://people.connexer.com/~roberto/debian/ That repository contains the latest wheezy/sid version, but with a backport version number for use with squeeze. I think it is a long shot, but it would help to potentially diagnose the issue. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation''s a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering''s about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
On 6/3/11 3:25 PM, Roberto C. Sánchez wrote:> On Fri, Jun 03, 2011 at 02:43:10PM -0500, Red Baron wrote: >> >> The one and only thing that is broken is using a PC behind the >> debian/shorewall firewall to connect to a Microsoft VPN server using PPTP. >> If I replace the debian with Lenny, then everything works fine...using >> same shorewall configs and same version (4.4.11) >> > I maintain the Shorewall packages for Debian, but I do not use PPTP. > Have you tried the latest version of Shorewall? I have a squeeze > repository setup here: http://people.connexer.com/~roberto/debian/ > > That repository contains the latest wheezy/sid version, but with a > backport version number for use with squeeze. I think it is a long > shot, but it would help to potentially diagnose the issue.I would also try unloading the pptp and gre helpers. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation''s a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering''s about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
It does not make a difference using the latest version from the repo listed below. I am at a loss, and I am going to get another machine just like this to verify that Lenny works whilst Squeeze does not at the exact same moment. On Jun 3, 2011, at 5:29 PM, "Roberto C. Sánchez" <roberto@connexer.com> wrote:> On Fri, Jun 03, 2011 at 02:43:10PM -0500, Red Baron wrote: >> >> The one and only thing that is broken is using a PC behind the >> debian/shorewall firewall to connect to a Microsoft VPN server using PPTP. >> If I replace the debian with Lenny, then everything works fine...using >> same shorewall configs and same version (4.4.11) >> > I maintain the Shorewall packages for Debian, but I do not use PPTP. > Have you tried the latest version of Shorewall? I have a squeeze > repository setup here: http://people.connexer.com/~roberto/debian/ > > That repository contains the latest wheezy/sid version, but with a > backport version number for use with squeeze. I think it is a long > shot, but it would help to potentially diagnose the issue. > > Regards, > > -Roberto > > -- > Roberto C. Sánchez > http://people.connexer.com/~roberto > http://www.connexer.com > ------------------------------------------------------------------------------ > Simplify data backup and recovery for your virtual environment with vRanger. > Installation''s a snap, and flexible recovery options mean your data is safe, > secure and there when you need it. Discover what all the cheering''s about. > Get your free trial download today. > http://p.sf.net/sfu/quest-dev2dev2 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation''s a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering''s about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
On 6/3/11 6:08 PM, Red Baron wrote:> It does not make a difference using the latest version from the repo > listed below. I am at a loss, and I am going to get another machine > just like this to verify that Lenny works whilst Squeeze does not at > the exact same moment.If Lenny works and Squeeze doesn''t, using the same Shorewall config, then I think you are posting on the wrong ML. My $.02 -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation''s a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering''s about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2